This little, nerdy, techie nichy type of article would normally go right over my head, but given my background in security (Computer Associates and Comodo), the recent news about Symantec acquiring VeriSign got me thinking. The deal, in a nutshell, means that Symantec, known for its security suite is looking to expand into the authentication business by buying VeriSign, a certification authority, whose core product, SSL certificates, is BTW shrinking.

Here’s the official Symantec spin:

“The combination of VeriSign’s security products, services and recognition as the most trusted brand online and Symantec’s leading security solutions and widespread distribution will enable Symantec to deliver on its vision of a world where people have simple and secure access to their information from anywhere.”

Symantec and VeriSign actually have a lot in common. They both grew by acquiring technology (as an aside I think Symantec is good at integrating new companies into its line-up). Both are in a commodity business with real challenges in managing partners and pricing:

“With this acquisition, we extend our strategy to create the most trusted brand…The VeriSign check mark is the most recognized symbol of trust online… Symantec’s security solutions and the company’s Norton-branded suites protect more than one billion systems and users around the world. By bringing these security assets together, Symantec will become the leading source of trust online.”

But one is left scratching their head when you continue to read the Symantec explanation of why they are acquiring VeriSign. Here is clincher:

“Symantec plans to incorporate the VeriSign check mark into a new logo to convey that it is safe to communicate, transact commerce and exchange information online.”

You read right. While the clearly appreciate the power of the VeriSign icon – they intend to ditch it. Something does not compute.

What do I think is going on here? For my money, both companies needed each other as a defensive stance rather than as growth measure. Let’s start with VeriSign. Their product line has come under significant pressure from a wide variety of sources given the wide net of their largely unsuccessful acquisition efforts. Worse, in their core SSL business, there was no way to maintain a premium pricing structure given the success of value based alternatives such as GlobalSign or Comodo.

As for Symantec, they are frantically acquiring companies and the VeriSign deal was the third encryption-related purchase for Symantec in three weeks! Their land grab in the authentication space is necessary because; a) there little home grown technology to build from and b) as security solutions become utterly commoditized, the higher margin opportunities are left in authentication services.

I can only speculate on the net gain or loss for the shareholders of both companies, but Symantec’s sudden fondness for becoming “…the leading source of trust online” seems rather “Johnny come lately” especially given their current “confidence in a connected world” focus.

Becoming a “leading source of online trust” is not something you wake up to one morning and decide to do. It is has to be the central “why” to a company. It has to drive how you innovate, what you acquire and how you build your offerings. Have I ever seen that kind of intense commitment to online trust from Symantec? Nope. Can you say that the VeriSign is a brand that means some notion of online trust? Yup. Are either company known as a technology innovator? No and not in this lifetime.

That’s why when you add this acquisition to the other companies Symantec acquired, you start getting this vague techno-Frankenstein quality to its brand as though some “mad board of techno-scientists” tried to create a viable company from the parts other companies. Paying $1.3B for a company with about $400MM in sales seems a lot to pay so possibly some “trust” dust will cling to the Symantec brand. IMHO though – the math doesn’t add up.

I admit a certain hyper sensitivity to all things security when it comes to Internet. I worked at CA and then Comodo – both heavy players in the online security world. I learned about the scary things that can happen if you go online alone. It is not a pretty picture.

So it’s no wonder that I tend to have a zero tolerance to bad online security practices – among my friends, my family, my peers. I have even less tolerance (is that possible?) for online security industry practices that can allow 1,000 PCs to get infected before an ad is checked for malware.

That’s right! I recently learned that all the ad serving platforms check ads in their networks after it has been served. In the case of Right Media I am told an ad is served 1,000 times before it is checked. If the ad is malware – oh well – 1,000 PCs are likely to get infected. I was shocked TBH. And I was even more shocked to learn that according to all the large ad serving platforms it seemed perfectly OK (at least the 4 large ones) to check ads after they have been served already. I had the chance to press a rep from Right Media for an explanation about why are ads not checked before they are served. It was explained to me that the sheer tonnage of ads would make checking everything before it ran impractical.

That answer seemed pretty lame actually. And one does not have to look hard to see how this causes problem up and down the ad market value chain. Recently, TechCrunch and The Drudge Report were hit with malware on their sites served up by an ad in the network. http://news.cnet.com/8301-27080_3-20000353-245.html. The backlash was felt by the likes of Michael Arrington who had to explain the issue to his audience. I felt his pain, more keenly felt because I knew there was little he could do to make it better. It is likely to happen again – the only question is when.

Here we see most blatantly the bad things that happen when you detach consequences from accountability as is the case here. The ad server networks are the ones who serve up the ads, good or bad, but if there is fall-out, it is largely felt by the site that delivered the ad. That ruptures the basic laws of accountability and consequence which ultimately leaves at least 1,000 PCs infected with malware every time there is a virus outbreak.

Now I really do not understand the technological limits of checking ads within an ad networks – but how can it be OK to permit ads to be served before they are checked? Could it be that 1,000 is too small a number to worry about? And as the number of ads being served grows, will a higher 10,000 threshold be OK? Then maybe 100,000 will be a tolerable number?

Here is a challenge to the industry. Elinor Mills’ article on this subject mentions Bennie Smith, a vice president of exchange policy at Yahoo’s Right Media who I invite to respond here. Maybe I it got it wrong. Set the record straight – please – I really want to be wrong.

Better yet – I would love to start a dialogue to solve the problem – between agencies, ad networks, advertisers and the security industry. Sometimes talk is not enough. An alternative is needed – an alternating current. But more on that coming…

In the real world, segregation by class or race or age is rightly understood as under utilizing the full potential of people in society. There is universal recognition that people should be free to achieve their highest potential based effort and talent – not on what money they were born with. And this ideal is what we all believe delivers the best humanity has to offer.

Now when the Internet was created barely 20 years ago – it seemed to emerge from a perspective of an open, “democratic” framework where anyone could achieve anything. It leapfrogged over our normal inclination to create a stratified society but allowed unfettered potential to anyone irrespective of class.

The promise of this egalitarian digital society fueled so much hope. In this digital utopia, the thinking went, small ecommerce sites could challenge the big guys. Or anyone from any corner of the world could enrich their mind with a mouse and an online connection. And closed societies could now be opened within this enlightened new world.

While the real world continually and relentlessly divides the world into the “have’s and have nots”, the Internet seemed to have sidestep that whole unsavory dimension of our human nature.

But as the Internet emerges from infancy into maturity, I sense a new dynamic that is subtly introducing segregation into the system. It started when the small ecommerce sites realized that it took more than digital pluck to get ahead in the online ecommerce world since SEO and advertising did cost money.

Then, when Microsoft introduced BING as a “decision engine”, it was another, subtle form of class division. After all, most of the time a decision is only required in a buying process not in true information discovery. And the recent news about Murdoch making his content invisible to Google continues the segregation momentum. No more can news be available for all – but only for those who can pay.

It seems to me see that our digital society is following the sad patterns of our real world societies of info “have’s and have not’s”. It is sad to watch. It is sad to contemplate that in the drive to monetize the Internet; our early ideals of the Internet seemed to have fallen by the wayside.

But there are companies who are fighting this trend and who continue to offer the promise of a free Internet and have innovated to generate revenue while maintaining this ideal. Some great examples include Comodo who offer the best in PC security for free and a social networking company called Houseparty who empower anyone to earn revenue from the Internet legitimately (and without any financial investment).

I have read with relish the book by Kurzweil, The Singularity is Near and I respectfully borrow the phrase. The fundamental premise of his book is that we have approached “the knee of the curve” in our technological evolution, the moment where the pace of change will fundamentally change our biological evolution. Essentially, he argues with good cause, that change is happening faster and more fundamentally than most fully appreciate.

And I think he’s right based on my personal experience. Much like a woman born at the turn of the last century, who saw in her lifetime the evolution from horseback to space travel, I too have seen a similar step change evolution in the connectiveness of the planet in a mere 15 years. In that time, I saw the transition from limited, one to one communications that was very expensive (I remember the days when a long distance call was a big thing) to a model where we can be connected with virtually no limits in terms of distance or scope.

It is breathtaking … but I think Kurzweil limits his scope. Kurzweil places technology at the center of the change engine but I think if we focus on technology as the key driver, we limit its potential. We must remind ourselves to put the human factor at the heart of the technology evolution – not the other way around.

And this focus on the human element must also apply to how the next generation Internet, sometimes called Web 3.0, will evolve. We must give full expression within this evolution to our human instinct to establish trusted connectedness in the web world in the same way we enjoy trusted connectedness in the real world.

Yet in the conversations today about next generation web there is decided lack of focus on the human factor, (heck even the name Web 3.0 betrays the techno focus). For Google, the next generation web is about technology that delivers a personal web experience via intelligent search agent. For other companies, semantic technology that lets computers understand meaning better, is how the new, next web will evolve. All these technologies are all important, but they are a only a means to an end.

The end game for the next generation web is the creation of this trusted model of community, commerce and communications for everyone just like we have in our everyday, real worlds. This model puts the human need to trust as central to the conversation — not be peripheral to the thinking. This, for me, suggests we are creating a connected singularity in a Connected Web enabled by a concept of Social Authentication™ put forward by Comodo. For this new “Connected Web” to work, it must be grounded on trust and trusted networks.

This is why Paltalk will be hosting the third TechNow event; Transforming the Web into YOUR Web airing March 19 at 3:00 (EST) with Melih Abdulhayoglu, CEO and Chief Security Architect of Comodo. During this live, interactive event, Melih will challenge conventional thinking about how we create the emerging next generation Web, sharing his vision about how a Connected Web needs to be based on trust. Melih will be joined by noted industry analyst, Henry Blodget of Alley Insider, in a discussion about:

It’s a common greeting among kids. “Hey, what’s up?” they ask wanting to get the latest updates on what’s happening in their friends lives.

Now technology provides a way to let our connections perpetually know “What’s Up” with us – all the time, if we want. The new social networking platform has made the act of keeping up easy and far more powerful than ever before. But the new digital transparency raises some tough questions.

How do we keep our sensitive information out of the hands of fraudsters as we tweet publically about what we buy and where we are?

How do we know if a “friend request” is real or really some Trojan virus planted on a site?

How does security, identity management and social networking intersect to ensure a way to stay safe online?

Should there be standards for the social networking industry today? If so, who should drive it – the government, the industry or some other new standard body?

These are new and difficult questions that affect all of us. This is why I am pleased that Paltalk will be bringing a new series called TechNow where industry experts and you will discuss important technology issues of the day.

On Tuesday, March 3rd at 3pm EST we have two industry experts, Melih Abdulhayoglu, CEO of Comodo and Henry Blodget, CEO of Silicon Alley Insider, in a live interactive event entitled; Your Digital Identity – Manage It Or Lose It. They will delve into this compelling topic and I invite you to come along for the debate and share your thoughts, live.

Yet that is what the Internet asks us to do every day! We must conduct confidential transactions online – yet we often have no way to verify the authenticity of the site. We want to share our lives with our trusted network of friends, yet we worry that in our transparency and our tweets to our colleagues, we risk our very identity to the bad guys. How do we balance our desire to go online with our need to know that we can trust sites, information and communications?

Can we ever hope that the Internet of today becomes the Trusted Internet of tomorrow?

These are questions we all confront as we conduct more of our lives online. Join two leading tech titans, visionary Melih Abdulhayoglu, CEO of Comodo and noted Internet commentator Henry Blodget as they discuss live on the Paltalk Network their ideas on the future of the Internet in a three part series entitled, “Are we the crash dummies of the new Internet age?”

This live, interactive Internet event gives Melih and Henry a chance to share their thoughts with each and with the audience on a range of subjects organized in three parts. The first program, airing February 10 at 3 pm (EST), will cover, The Internet Today: Like Cars before Seatbelts. This talk will address the truth about where we are today and how the criminal elements may very well take over the Internet. The second program, scheduled for March 3 at 3 pm (EST) will focus on how much should we reveal about ourselves online. This show, entitled “Your Digital Identity – Establish it or lose it”will discuss how do we continue to live online without risking ourselves. Lastly, the third program, entitled, Transforming the Web into Your Web, airing March 19 at 3 pm (EST) will challenge us to address how we navigate through an increasingly complex Internet while leveraging new powerful tools, such as our social networks, to carve out a personal web for each one of us.

Melih Abdulhayoglu created Comodo in 1998 with a bold vision of making the Trusted Internet a reality for all. His innovations have challenged some of the largest corporations and his pioneering business model earned him Ernst & Young’s Entrepreneur Of The Year® 2008 Award in the Information Technology Software Category for New Jersey.

Melih has led the industry in new digital security technologies for large enterprises, computer manufacturers and governmental organizations worldwide. This success has resulted in Comodo Certificate Authority, becoming the 2nd largest CA worldwide and Comodo’s award winning desktop security solutions are now one of most popular in the market today.

Silicon Alley is an online business media company based in New York. Prior to founding SAI inMay, 2007, Henry was CEO of Cherry Hill Research, an Internet research and consulting firm.

From 1994-2001, Henry was an investment banker at Prudential Securities and an equity analyst at Oppenheimer & Co. and MerrillLynch. As a Managing Director at Merrill, he ran the firm’s global Internet research practice and was the top-ranked Internet analyst on Wall Street. Blodget’s first book, The Wall Street Self-Defense Manual: A Consumer’s Guide to Intelligent Investing, was published in January 2007.

I hope you can join me for the pivotal live event. Bring your webcams 🙂

I stumbled upon this recent quote from Melih Abdulhayogluin the Comodo Forum. The context for this quote was that in software security, applications may be trusted to do certain things but not other things. Said simpler, Melih introduced in my mind the concept of limited trust – all trust is related to the function at hand.

He meant it in a technical sense of course, but that idea just grabbed me and wouldn’t let go. Taken to its logical (albeit cosmic) conclusion, his simple technical idea started a storm in my mind that suggested that there can be no situation where one person completely and wholly trusts another, all the time.

This idea put a knife in my highly precious set of beliefs that include you can trust completely or, that love triumphs over all and I was determined to protect this idealistic concept.

At I first tried to answer the question by looking at my own experience. Was there anyone, when I really analyzed it rationally, that I totally trusted? On everything? I thought long and hard and the answer was a depressing no. There was no one I trusted all the time for everything.

Then I thought – damn he was right. I was feeling worse. It was going to be a long night. But the more I tried to rationalize this concept, the further the knife was driven into the heart of my now, on life support idea, that we can trust people in our lives completely.

I needed to be inspired and so I turned inward. I started to think about the people I love in my life and I realized how closely tied love and trust really are. Once I made that connection, the answer became clear.

Trust can be bestowed wholly and unquestioningly … but there is a trick. Just like love, we can trust completely but we must really understand the people we give our trust to because then we know what not to count on them for. If trust is “done right”, trust can be maintained because there is no situation where they are being “set up to fail”. And there’s a sweeter side too if we trust this way. The power of trusted-ness, means that it can withstand the occassional dings of disappointments that inevitably occur.

In the end, if someone we trust disappoints us too much – we should look to ourselves first. The answer is not that they failed (if our trust was well placed), but that we failed to observe well enough. It’s not that we can’t trust universally, it is that we did not do it right.

It’s a meaningful difference that frames the concept for me better. After all, trust so fundamental to how we live a rich life – I couldn’t let that sad “you can’t trust anyone” thought roam freely in my mind.